Providing a roadmap to information management in TREs: SATRE blog series
Published on 26 August 2024
An introduction to SATRE and Information Governance in Secure Data Management in Trusted Research Environments (TREs)
About SATRE
In a world overflowing with data and rapidly advancing technology, the need to manage this data safely is paramount. Trusted Research Environments (TREs) are secure computing environments designed for handling sensitive data in a way that ensures security. But not all TREs are created equal. At the Health Informatics Centre (HIC) we have been working on open standards to improve this.
The Standardised Architecture for Trusted Research Environments, SATRE, is a set of best practices aimed at standardising TREs. The project was funded in 2023 and led by HIC, by Dr Chris Cole and Dr Simon Li, with widespread support and over 60 organisations taking part in the collaboration.
SATRE defines what TREs should be like, detailing requirements across four different pillars: Information Governance, Computing Technology, Data Management and Supporting Capabilities. There are 75 mandatory specifications to ensure TREs are SATRE compliant. Here at HIC, we continue to champion SATRE and work with the UK TRE community. We are publishing our first-ever blog series introducing you to SATRE.
The first pillar: Information Governance
We will start at the beginning with Information Governance (IG), the foundation of Trusted Research Environments (TREs). IG is an umbrella term that relates to the management of information, ensuring the integrity and security of TREs. It covers people, processes, IT systems, and risk management. SATRE has 32 mandatory statements with a mix of legal requirements, quality management, and operational procedures. For our TRE, 14 of the 32 specifications are covered by HIC's ISO 27001 accreditation. ISO 27001, the standard for Information Security Management Systems, is set by the International Organization for Standardization (ISO), an independent organisation, and provides a robust framework for managing information security risks and ensuring the protection of sensitive data.
SATRE’s IG pillar covers the following aspects, all of which we document through our project management system:
- Governance requirements: e.g. ensuring compliance with legal standards for processing personal data. HIC is ISO 27001 accredited and adheres to the Scottish Safe Haven Charter and NHS England’s Digital Security Protection Toolkit.
- Quality management: e.g. maintaining version control of documentation, such as our Standard Operating Procedures (SOPs).
- Risk management: e.g. completing data processing assessments for all TRE projects. The HIC project data provided is pseudonymised, proportionate, and minimised, and we frequently use Data Protection Impact Assessments for research projects.
- Study management: e.g. regulating projects; we record evidence of ethics approval where projects need it.
- Member accreditation: e.g. TRE User credentialing, which requires the completion of mandatory IG training and signing our TRE User Agreement.
- Training delivery and management: e.g. skills-based training; HIC staff undergo specialised training tailored to their role. Like our TRE Users, HIC staff must complete mandatory IG training, cybersecurity training, and GDPR training, undergo a police check (Disclosure Scotland), and sign an Agreement before being allowed access to our project management system. We apply proportionate role-based access to resources and use identity management, e.g. the use of Active Directory allows us to manage permissions.
Further information
You can read more about our SATRE evaluation, or our SOPs, and our approach in our HIC ISMS pages.
Information Governance can be difficult to navigate due to the sheer breadth and variety of needs that are specific to each project. One strand of possible future work for SATRE is to align the requirements with the Five Safes Framework, but for now our blog will introduce you more broadly to our TRE evaluation of SATRE.
We would recommend getting in touch with us to discuss how HIC and our TRE can help your research.